From: Benoit PAPILLAULT <benoit.papillault@free.fr>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-wireless@vger.kernel.org
Subject: Re: [PATCH] mac80211: improved ieee80211_verify_alignment
Date: Sat, 28 Nov 2009 22:14:44 +0100 [thread overview]
Message-ID: <4B1192C4.5010909@free.fr> (raw)
In-Reply-To: <1259421237.5428.28.camel@johannes.local>
Johannes Berg a écrit :
> On Sat, 2009-11-28 at 15:47 +0100, Benoit Papillault wrote:
>> From: Benoit PAPILLAULT <benoit.papillault@free.fr>
>>
>> ieee80211_verify_alignment has been improved to avoid small 802.11 frame (<2
>> bytes) and skip checking for data alignment when there is no 802.11 data (when
>> the frame length is less or egal to the header length)
>
> None of this is necessary.
>
>> --- a/net/mac80211/rx.c
>> +++ b/net/mac80211/rx.c
>> @@ -386,10 +386,23 @@ static void ieee80211_verify_alignment(struct ieee80211_rx_data *rx)
>> "unaligned packet at 0x%p\n", rx->skb->data))
>> return;
>>
>> + /* before using the hdr->frame_control field, we need to check that
>> + * skb contains at least 2 bytes */
>> +
>> + if (rx->skb->len < 2)
>> + return ;
>> +
>
> Frames shorter than 16 bytes never reach this point.
>
>> if (!ieee80211_is_data_present(hdr->frame_control))
>> return;
>>
>> hdrlen = ieee80211_hdrlen(hdr->frame_control);
>> +
>> + /* before checking data alignment, we need to check that skb contains
>> + * at least 1 byte of data */
>> +
>> + if (rx->skb->len <= hdrlen)
>> + return;
>> +
>
> Even if this could happen it's not true -- we do not need a byte of data
> to verify that it's aligned properly. After all, even the empty string
> can be aligned -- we never actually dereference the data there.
>
> johannes
My purpose was to make ieee80211_verify_alignment autonomous, ie without
assuming that other functions have done some checks before. I got some
problems since this function is called by
__ieee80211_rx_handle_packet(), called by ieee80211_rx() where skb can
be anything (and is anything since i'm doing injection!).
Following our discussion, I understand that :
- for the first case, frames with skb->len < 16 are already filtered out
by ieee80211_rx_monitor() when it calls should_drop_frame().
- for the second case, we don't dereference data, so we are on the safe
side. I'll further study this point since my feeling was that I got some
warning where I would not expect them. The case would be : skb->len = 24
for instance, hdrlen = 26 and skb->data aligned on a 2 bytes boundary
only. The current code would issue a warning even if no payload part is
present.
So, forget this patch for now.
Regards,
Benoit
prev parent reply other threads:[~2009-11-28 21:14 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1259419649-1422-1-git-send-email-benoit.papillault@free.fr>
2009-11-28 15:13 ` [PATCH] mac80211: improved ieee80211_verify_alignment Johannes Berg
2009-11-28 21:14 ` Benoit PAPILLAULT [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B1192C4.5010909@free.fr \
--to=benoit.papillault@free.fr \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.